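/**
 * Looks up {@code algorithm} (following any {@code Alg.Alias} chain) in the property table
 * of the given provider and instantiates the implementation class through the constructor
 * matching {@code ctorparamtype}, passing {@code ctorparam}.
 *
 * @param baseName service type prefix of the property key (the part before the dot)
 * @param algorithm algorithm name or alias to resolve
 * @param prov the provider whose property table is searched
 * @param ctorparamtype parameter types of the constructor to invoke
 * @param ctorparam arguments handed to that constructor
 * @return null if no algorithm found, an Implementation if it is.
 * @throws InvalidAlgorithmParameterException if the implementation's constructor threw it
 * @throws IllegalStateException if the property names a class that cannot be found or
 *     instantiated; the reflective failure is attached as the cause
 */
static Implementation getImplementation(
    String baseName, String algorithm, Provider prov, Class[] ctorparamtype, Object[] ctorparam)
    throws InvalidAlgorithmParameterException {
  // Follow the alias chain until a name with no further alias entry is reached.
  String alias;
  while ((alias = prov.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null) {
    algorithm = alias;
  }
  String className = prov.getProperty(baseName + "." + algorithm);
  if (className == null) {
    return null;
  }
  try {
    Object engine = Class.forName(className).getConstructor(ctorparamtype).newInstance(ctorparam);
    return new Implementation(engine, prov);
  } catch (ClassNotFoundException e) {
    throw new IllegalStateException(
        "algorithm " + algorithm + " in provider " + prov.getName() + " but no class found!", e);
  } catch (InvocationTargetException e) {
    // Constructor.newInstance wraps anything the constructor throws, so the original
    // instanceof test on the outer exception could never match; look at the cause instead.
    Throwable cause = e.getCause();
    if (cause instanceof InvalidAlgorithmParameterException) {
      throw (InvalidAlgorithmParameterException) cause;
    }
    throw new IllegalStateException(
        "algorithm " + algorithm + " in provider " + prov.getName() + " but class inaccessible!",
        cause);
  } catch (Exception e) {
    // Kept for compatibility with callers relying on the previous unwrapped check.
    if (e instanceof InvalidAlgorithmParameterException) {
      throw (InvalidAlgorithmParameterException) e;
    }
    throw new IllegalStateException(
        "algorithm " + algorithm + " in provider " + prov.getName() + " but class inaccessible!",
        e);
  }
}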
// Drop every already-installed SunPKCS11* provider before anything else in this class runs
// (presumably so the test installs the instances it wants itself — confirm against the class).
static {
  Provider[] installed = Security.getProviders();
  for (int i = 0; i < installed.length; i++) {
    String providerName = installed[i].getName();
    if (providerName.startsWith("SunPKCS11")) {
      Security.removeProvider(providerName);
    }
  }
}
/**
 * Runs {@code main(Provider)} against one provider, printing a start line and the elapsed
 * wall-clock time afterwards.
 *
 * @param p the provider under test
 * @throws Exception whatever {@code main} propagates
 */
private void premain(Provider p) throws Exception {
  final long startedAt = System.currentTimeMillis();
  final String providerName = p.getName();
  System.out.println("Running test with provider " + providerName + "...");
  main(p);
  final long elapsedMs = System.currentTimeMillis() - startedAt;
  System.out.println(
      "Completed test with provider " + providerName + " (" + elapsedMs + " ms).");
}
/**
 * Builds a space-separated summary of the installed security providers (name, version, info,
 * each entry ended by {@code <br>}), followed by the registered MessageDigest algorithm names
 * and three fixed radix conversions.
 *
 * @return the assembled text
 */
public String getSecurityProviders() {
  StringBuilder out = new StringBuilder();
  for (Provider prov : Security.getProviders()) {
    out.append(prov.getName()).append(' ');
    out.append(prov.getVersion()).append(' ');
    out.append(prov.getInfo()).append("<br>");
  }
  for (String digestName : Security.getAlgorithms("MessageDigest")) {
    out.append(digestName).append(' ');
  }
  // Constant demo values: 7 -> "111", 15 -> "17", 17 -> "11".
  out.append(Integer.toBinaryString(7)).append(' ');
  out.append(Integer.toOctalString(15)).append(' ');
  out.append(Integer.toHexString(17));
  return out.toString();
}
/** Prints every installed provider's name followed by all of its property entries to stdout. */
public static void getAllProviders() {
  Provider[] installed = Security.getProviders();
  for (int i = 0; i < installed.length; i++) {
    Provider prov = installed[i];
    System.out.println("provider name:" + prov.getName());
    for (Map.Entry<Object, Object> entry : prov.entrySet()) {
      System.out.println("key=" + entry.getKey());
      System.out.println("value=" + entry.getValue());
    }
  }
}
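/**
 * Looks up {@code algorithm} (following any {@code Alg.Alias} chain) in the property table
 * of the given provider and instantiates the implementation class with its no-arg
 * constructor. When {@code prov} is null every installed provider is searched in order.
 *
 * @param baseName service type prefix of the property key (the part before the dot)
 * @param algorithm algorithm name or alias to resolve
 * @param prov the provider to search, or null for all installed providers
 * @return null if no algorithm found, an Implementation if it is.
 * @throws IllegalStateException if the property names a class that cannot be found or
 *     instantiated; the reflective failure is attached as the cause
 */
static Implementation getImplementation(String baseName, String algorithm, Provider prov) {
  if (prov == null) {
    // No provider given: search every installed provider in preference order.
    for (Provider candidate : Security.getProviders()) {
      Implementation imp = getImplementation(baseName, algorithm, candidate);
      if (imp != null) {
        return imp;
      }
    }
    return null;
  }
  String alias;
  while ((alias = prov.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null) {
    algorithm = alias;
  }
  String className = prov.getProperty(baseName + "." + algorithm);
  if (className == null) {
    return null;
  }
  try {
    // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
    Object engine = Class.forName(className).getDeclaredConstructor().newInstance();
    return new Implementation(engine, prov);
  } catch (ClassNotFoundException e) {
    throw new IllegalStateException(
        "algorithm " + algorithm + " in provider " + prov.getName() + " but no class found!", e);
  } catch (Exception e) {
    throw new IllegalStateException(
        "algorithm "
            + algorithm
            + " in provider "
            + prov.getName()
            + " but class inaccessible: "
            + e.toString(),
        e);
  }
}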
/**
 * Resolves the requested service on {@code provider} and instantiates it, but refuses to
 * hand out engines from a provider whose JCE verification failed.
 *
 * @param type service type (e.g. the engine class name)
 * @param clazz SPI class the instance must be assignable to
 * @param algorithm algorithm name
 * @param provider the provider to use
 * @return the instantiated service
 * @throws NoSuchAlgorithmException if the provider has no such service
 * @throws SecurityException if the provider did not pass JCE verification
 */
static Instance getInstance(String type, Class<?> clazz, String algorithm, Provider provider)
    throws NoSuchAlgorithmException {
  Service service = GetInstance.getService(type, algorithm, provider);
  Exception verificationFailure = JceSecurity.getVerificationResult(provider);
  if (verificationFailure == null) {
    return GetInstance.getInstance(service, clazz);
  }
  throw new SecurityException(
      "JCE cannot authenticate the provider " + provider.getName(), verificationFailure);
}
/**
 * Creates a verifier for the given CMS envelope.
 *
 * @param signedData the CMS signed-data envelope whose signatures are to be checked
 * @param token the crypto token holding the ROOT certificates the verifier uses to judge
 *     whether the signers' certificates are trustworthy; ignored when null
 * @throws NullPointerException if {@code signedData} is null
 */
CadesBESVerifier(CMSSignedData signedData, CRToken token) {
  // Register Bouncy Castle (Security.addProvider is a no-op when it is already installed)
  // and remember the name it was registered under.
  Provider bouncyCastle = new BouncyCastleProvider();
  Security.addProvider(bouncyCastle);
  this.bcProvName = bouncyCastle.getName();
  if (signedData == null) {
    throw new NullPointerException();
  }
  this.signedData = signedData;
  if (token != null) {
    this.token = token;
  }
  this.certStore = signedData.getCertificates();
}
/**
 * Returns the installed provider whose name equals {@code name}.
 *
 * @param name provider name, compared with {@code String.equals}
 * @return the first matching provider in installation order, or null if none
 */
static Provider findProvider(String name) {
  Provider[] installed = Security.getProviders();
  for (int i = 0; i < installed.length; i++) {
    if (name.equals(installed[i].getName())) {
      return installed[i];
    }
  }
  return null;
}
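/**
 * Resolves {@code algorithm} (following {@code Alg.Alias} entries) in the BC provider's
 * property table and instantiates the implementation class with its no-arg constructor.
 *
 * @param baseName service type prefix of the property key
 * @param algorithm algorithm name or alias
 * @return a new engine instance, or null when the provider has no entry for the algorithm
 * @throws IllegalStateException if the entry names a class that cannot be found or
 *     instantiated; the reflective failure is attached as the cause
 */
private static Object findImplEngine(final String baseName, String algorithm) {
  final Provider bcProvider = securityProvider;
  String alias;
  while ((alias = bcProvider.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null) {
    algorithm = alias;
  }
  final String className = bcProvider.getProperty(baseName + "." + algorithm);
  if (className == null) {
    return null;
  }
  try {
    // Resolve through the provider's own class loader so the engine comes from the same
    // place the provider was loaded from; fall back to Class.forName when that loader is null.
    ClassLoader loader = bcProvider.getClass().getClassLoader();
    Class<?> klass = loader != null ? loader.loadClass(className) : Class.forName(className);
    // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
    return klass.getDeclaredConstructor().newInstance();
  } catch (ClassNotFoundException e) {
    throw new IllegalStateException(
        "algorithm "
            + algorithm
            + " in provider "
            + bcProvider.getName()
            + " but no class \""
            + className
            + "\" found!",
        e);
  } catch (Exception e) {
    throw new IllegalStateException(
        "algorithm "
            + algorithm
            + " in provider "
            + bcProvider.getName()
            + " but class \""
            + className
            + "\" inaccessible!",
        e);
  }
}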
/**
 * Runs {@code test} against every installed {@code SunPKCS11-*} provider, unless the
 * {@code NO_DEFAULT} system property is set to "true".
 *
 * @param test the test whose {@code premain} is invoked per provider
 * @throws Exception whatever {@code premain} propagates
 */
public static void testDefault(PKCS11Test test) throws Exception {
  // run test for default configured PKCS11 providers (if any)
  boolean skipDefaults = "true".equals(System.getProperty("NO_DEFAULT"));
  if (skipDefaults) {
    return;
  }
  for (Provider candidate : Security.getProviders()) {
    boolean isSunPkcs11 = candidate.getName().startsWith("SunPKCS11-");
    if (isSunPkcs11) {
      test.premain(candidate);
    }
  }
}
/**
 * Checks that the {@code Provider.id *} entries of {@code p} agree both with the
 * SampleProvider constants and with the provider's own accessors.
 *
 * @param p the provider under test
 * @throws Exception if name, info, className or version disagree
 */
private static void checkProviderInfoEntries(Provider p) throws Exception {
  String idName = (String) p.get("Provider.id name");
  boolean nameOk =
      SampleProvider.NAME.equalsIgnoreCase(idName) && p.getName().equalsIgnoreCase(idName);
  if (!nameOk) {
    throw new Exception("Test Failed: incorrect name!");
  }
  String idInfo = (String) p.get("Provider.id info");
  boolean infoOk =
      SampleProvider.INFO.equalsIgnoreCase(idInfo) && p.getInfo().equalsIgnoreCase(idInfo);
  if (!infoOk) {
    throw new Exception("Test Failed: incorrect info!");
  }
  String idClassName = (String) p.get("Provider.id className");
  boolean classNameOk = p.getClass().getName().equalsIgnoreCase(idClassName);
  if (!classNameOk) {
    throw new Exception("Test Failed: incorrect className!");
  }
  String idVersion = (String) p.get("Provider.id version");
  double parsedVersion = Double.parseDouble(idVersion);
  boolean versionOk = SampleProvider.VERSION == parsedVersion && p.getVersion() == parsedVersion;
  if (!versionOk) {
    throw new Exception("Test Failed: incorrect version!");
  }
  System.out.println("Test Passed");
}
/**
 * Runs the key test against every key entry of the test key store using provider {@code p}:
 * each private/public key pair is translated through the provider's RSA KeyFactory and handed
 * to {@code test}. Skipped on pre-11.2 Solaris SPARC for SunPKCS11-Solaris.
 *
 * @param p the provider under test
 * @throws Exception on any key store, key factory or test failure
 */
public void main(Provider p) throws Exception {
  /*
   * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
   * when running SunPKCS11-Solaris (8044554)
   */
  boolean oldSolarisSparc =
      p.getName().equals("SunPKCS11-Solaris")
          && System.getProperty("os.name").equals("SunOS")
          && System.getProperty("os.arch").equals("sparcv9")
          && System.getProperty("os.version").compareTo("5.11") <= 0
          && getDistro().compareTo("11.2") < 0;
  if (oldSolarisSparc) {
    System.out.println(
        "SunPKCS11-Solaris provider requires Solaris SPARC 11.2 or later, skipping");
    return;
  }
  long startedAt = System.currentTimeMillis();
  provider = p;
  data = new byte[2048];
  new Random().nextBytes(data);
  KeyStore ks = getKeyStore();
  KeyFactory rsaFactory = KeyFactory.getInstance("RSA", provider);
  Enumeration<String> aliases = ks.aliases();
  while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (!ks.isKeyEntry(alias)) {
      continue;
    }
    System.out.println("* Key " + alias + "...");
    PrivateKey storedPrivate = (PrivateKey) ks.getKey(alias, password);
    PublicKey storedPublic = ks.getCertificate(alias).getPublicKey();
    // Translate both keys into the provider's own key classes before testing.
    PrivateKey privateKey = (PrivateKey) rsaFactory.translateKey(storedPrivate);
    PublicKey publicKey = (PublicKey) rsaFactory.translateKey(storedPublic);
    test(privateKey, publicKey);
  }
  long elapsedMs = System.currentTimeMillis() - startedAt;
  System.out.println("All tests passed (" + elapsedMs + " ms).");
}
/**
 * Makes sure all expected implementations (but not aliases) are present and that there are
 * no extras, according to what we expect from StandardNames.
 */
public void test_Provider_getServices() throws Exception {
  // Mutable copy of the expectation table; algorithms are removed as they are seen, so
  // whatever is left at the end is missing from the installed providers.
  Map<String, Set<String>> expectedLeft = new HashMap<String, Set<String>>();
  for (Entry<String, Set<String>> expected : StandardNames.PROVIDER_ALGORITHMS.entrySet()) {
    expectedLeft.put(expected.getKey(), new HashSet<String>(expected.getValue()));
  }
  List<String> unexpected = new ArrayList<String>();
  List<String> missingClasses = new ArrayList<String>();
  for (Provider provider : Security.getProviders()) {
    String providerName = provider.getName();
    // ignore BouncyCastle provider if it is installed on the RI
    boolean isBcOnRi = StandardNames.IS_RI && providerName.equals("BC");
    if (isBcOnRi) {
      continue;
    }
    Set<Provider.Service> services = provider.getServices();
    assertNotNull(services);
    assertFalse(services.isEmpty());
    for (Provider.Service service : services) {
      String type = service.getType();
      String algorithm = service.getAlgorithm().toUpperCase();
      String className = service.getClassName();
      // remove from remaining, assert unknown if missing
      Set<String> leftForType = expectedLeft.get(type);
      boolean consumed = leftForType != null && leftForType.remove(algorithm);
      if (!consumed) {
        // seems to be missing, but sometimes the same algorithm is available from multiple
        // providers (e.g. KeyFactory RSA is available from SunRsaSign and SunJSSE), so
        // double check in original source before giving error
        Set<String> allForType = StandardNames.PROVIDER_ALGORITHMS.get(type);
        boolean knownElsewhere = allForType != null && allForType.contains(algorithm);
        if (!knownElsewhere) {
          unexpected.add("Unknown " + type + " " + algorithm + " " + providerName + "\n");
        }
      }
      if (leftForType != null && leftForType.isEmpty()) {
        expectedLeft.remove(type);
      }
      // make sure class exists and can be initialized
      try {
        assertNotNull(Class.forName(className, true, provider.getClass().getClassLoader()));
      } catch (ClassNotFoundException e) {
        // Sun forgot their own class
        if (!className.equals("sun.security.pkcs11.P11MAC")) {
          missingClasses.add(className);
        }
      }
    }
  }
  // assert that we don't have any extra in the implementation
  Collections.sort(unexpected); // sort so that its grouped by type
  assertEquals("Extra algorithms", Collections.EMPTY_LIST, unexpected);
  // assert that we don't have any missing in the implementation
  assertEquals("Missing algorithms", Collections.EMPTY_MAP, expectedLeft);
  // assert that we don't have any missing classes
  Collections.sort(missingClasses); // sort it for readability
  assertEquals("Missing classes", Collections.EMPTY_LIST, missingClasses);
}
/**
 * Makes sure all provider properties either point to a class implementation that exists or
 * are aliases to known algorithms.
 */
public void test_Provider_Properties() throws Exception {
  /*
   * A useful reference on Provider properties
   * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html>
   * How to Implement a Provider in the Java ™ Cryptography Architecture
   * </a>
   */
  for (Provider provider : Security.getProviders()) {
    // check Provider.id proprieties
    assertEquals(provider.getName(), provider.get("Provider.id name"));
    assertEquals(String.valueOf(provider.getVersion()), provider.get("Provider.id version"));
    assertEquals(provider.getInfo(), provider.get("Provider.id info"));
    assertEquals(provider.getClass().getName(), provider.get("Provider.id className"));
    // build map of all known aliases and implementations
    Map<String, String> aliasToTarget = new HashMap<String, String>();
    Map<String, String> implementationsByKey = new HashMap<String, String>();
    for (Entry<Object, Object> entry : provider.entrySet()) {
      Object rawKey = entry.getKey();
      Object rawValue = entry.getValue();
      assertEquals(String.class, rawKey.getClass());
      assertEquals(String.class, rawValue.getClass());
      String key = (String) rawKey;
      String value = (String) rawValue;
      // skip Provider.id keys, we check well known ones values above
      boolean isProviderId = key.startsWith("Provider.id ");
      // skip property settings such as: "Signature.SHA1withDSA ImplementedIn" "Software"
      boolean isAttribute = key.indexOf(' ') != -1;
      if (isProviderId || isAttribute) {
        continue;
      }
      Matcher m = alias.matcher(key);
      if (m.find()) {
        aliasToTarget.put(key, m.group(1) + "." + value);
      } else {
        implementationsByKey.put(key, value);
      }
    }
    // verify implementation classes are available
    for (Entry<String, String> impl : implementationsByKey.entrySet()) {
      String typeAndAlgorithm = impl.getKey();
      String className = impl.getValue();
      try {
        assertNotNull(Class.forName(className, true, provider.getClass().getClassLoader()));
      } catch (ClassNotFoundException e) {
        // Sun forgot their own class
        if (!className.equals("sun.security.pkcs11.P11MAC")) {
          fail("Could not find class " + className + " for " + typeAndAlgorithm);
        }
      }
    }
    // make sure all aliases point to some known implementation
    for (Entry<String, String> aliasEntry : aliasToTarget.entrySet()) {
      String aliasKey = aliasEntry.getKey();
      String target = aliasEntry.getValue();
      assertTrue(
          "Could not find implementation " + target + " for alias " + aliasKey,
          implementationsByKey.containsKey(target));
    }
  }
}
/**
 * Command-line entry point: configures logging, optionally prints version info or runs the
 * test server, selects a TerminalFactory and the card terminals to operate on, then calls
 * {@code work} for each selected terminal.
 *
 * <p>Several branches terminate the process with {@code System.exit}; see the inline notes.
 *
 * @param argv raw command-line arguments, parsed by {@code parseOptions}
 * @throws Exception propagated from option parsing, server start-up or {@code work}
 */
public static void main(String[] argv) throws Exception {
  OptionSet args = parseOptions(argv);
  if (args.has(OPT_VERBOSE)) {
    verbose = true;
    // Set up slf4j simple in a way that pleases us
    System.setProperty("org.slf4j.simpleLogger.defaultLogLevel", "debug");
    System.setProperty("org.slf4j.simpleLogger.showThreadName", "true");
    System.setProperty("org.slf4j.simpleLogger.showShortLogName", "true");
    System.setProperty("org.slf4j.simpleLogger.levelInBrackets", "true");
  } else {
    System.setProperty("org.slf4j.simpleLogger.defaultLogLevel", "warn");
  }
  if (args.has(OPT_VERSION)) {
    String version = "apdu4j " + getVersion(SCTool.class);
    // Append host information
    version += "\nRunning on " + System.getProperty("os.name");
    version += " " + System.getProperty("os.version");
    version += " " + System.getProperty("os.arch");
    version += ", Java " + System.getProperty("java.version");
    version += " by " + System.getProperty("java.vendor");
    System.out.println(version);
  }
  if (args.has(OPT_TEST_SERVER)) {
    // TODO: have the possibility to run SocketServer as well?
    // Blocks on the console until Enter is pressed, then exits the process.
    RemoteTerminalServer srv = new RemoteTerminalServer(TestServer.class);
    srv.start(string2socket((String) args.valueOf(OPT_TEST_SERVER)));
    System.console().readLine("Press enter to stop\n");
    srv.stop(1);
    System.exit(0);
  }
  // List TerminalFactory providers
  if (args.has(OPT_PROVIDERS)) {
    Provider providers[] = Security.getProviders("TerminalFactory.PC/SC");
    if (providers != null) {
      System.out.println("Existing TerminalFactory providers:");
      for (Provider p : providers) {
        System.out.println(p.getName());
      }
    }
  }
  // Fix properties on non-windows platforms
  TerminalManager.fixPlatformPaths();
  // Only applies to SunPCSC
  if (args.has(OPT_NO_GET_RESPONSE)) {
    System.setProperty("sun.security.smartcardio.t0GetResponse", "false");
    System.setProperty("sun.security.smartcardio.t1GetResponse", "false");
  }
  // Override PC/SC library path
  // The value names the native PC/SC library SunPCSC will load; it comes from the operator's
  // own command line, so it is trusted here, but it is process-global state.
  if (args.has(OPT_LIB)) {
    System.setProperty("sun.security.smartcardio.library", (String) args.valueOf(OPT_LIB));
  }
  TerminalFactory tf = null;
  CardTerminals terminals = null;
  try {
    // Get a terminal factory
    if (args.has(OPT_PROVIDER)) {
      String pn = (String) args.valueOf(OPT_PROVIDER);
      String pt = (String) args.valueOf(OPT_PROVIDER_TYPE);
      tf = loadFactory(pn, pt);
    } else if (args.has(OPT_SUN)) {
      tf = loadFactory(SUN_CLASS, null);
    } else if (args.has(OPT_JNA)) {
      tf = loadFactory(JNA_CLASS, null);
    } else {
      tf = TerminalFactory.getDefault();
    }
    if (verbose) {
      System.out.println(
          "# Using " + tf.getProvider().getClass().getCanonicalName() + " - " + tf.getProvider());
      if (System.getProperty(TerminalManager.lib_prop) != null) {
        System.out.println(
            "# " + TerminalManager.lib_prop + "=" + System.getProperty(TerminalManager.lib_prop));
      }
    }
    // Get all terminals
    terminals = tf.terminals();
  } catch (Exception e) {
    // XXX: we catch generic Exception here to avoid importing JNA.
    // Try to get a meaningful message
    String msg = TerminalManager.getExceptionMessage(e);
    if (msg == null) msg = e.getMessage();
    System.out.println("No readers: " + msg);
    System.exit(1);
  }
  // Terminals to work on
  List<CardTerminal> do_readers = new ArrayList<CardTerminal>();
  try {
    // List Terminals
    if (args.has(CMD_LIST)) {
      List<CardTerminal> terms = terminals.list();
      if (verbose) {
        System.out.println(
            "# Found " + terms.size() + " terminal" + (terms.size() == 1 ? "" : "s"));
      }
      if (terms.size() == 0) {
        System.err.println("No readers found");
        System.exit(1);
      }
      for (CardTerminal t : terms) {
        String vmd = " ";
        try (PinPadTerminal pp = new PinPadTerminal(t)) {
          pp.probe();
          // Verify, Modify, Display
          if (verbose) {
            vmd += "[";
            vmd += pp.canVerify() ? "V" : " ";
            vmd += pp.canModify() ? "M" : " ";
            vmd += pp.hasDisplay() ? "D" : " ";
            vmd += "] ";
          }
        } catch (CardException e) {
          if (verbose) {
            System.err.println("Could not probe PinPad: " + e.getMessage());
          }
        }
        System.out.println((t.isCardPresent() ? "[*]" : "[ ]") + vmd + t.getName());
        if (args.has(OPT_VERBOSE) && t.isCardPresent()) {
          // Connect in DIRECT mode only to read the ATR, then release the reader again.
          Card c = t.connect("DIRECT");
          String atr = HexUtils.encodeHexString(c.getATR().getBytes()).toUpperCase();
          c.disconnect(false);
          System.out.println(" " + atr);
          if (args.has(OPT_WEB)) {
            // NOTE(review): with --web the card's ATR is sent to a third-party web service
            // over plain HTTP (as a query parameter in the browser URL); the ATR identifies
            // the card type and leaves the machine. Worth stating in the option's help text.
            String url = "http://smartcard-atr.appspot.com/parse?ATR=" + atr;
            if (Desktop.isDesktopSupported()) {
              Desktop.getDesktop().browse(new URI(url + "&from=apdu4j"));
            } else {
              System.out.println(" " + url);
            }
          }
        }
      }
    }
    // Select terminals to work on
    if (args.has(OPT_READER)) {
      String reader = (String) args.valueOf(OPT_READER);
      CardTerminal t = terminals.getTerminal(reader);
      if (t == null) {
        System.err.println("Reader \"" + reader + "\" not found.");
        System.exit(1);
      }
      do_readers = Arrays.asList(t);
    } else {
      do_readers = terminals.list(State.CARD_PRESENT);
      // NOTE(review): hasArgument() is true only when the option was given WITH a value; if
      // OPT_ALL is a bare flag, has(OPT_ALL) is probably intended here — confirm against
      // parseOptions.
      if (do_readers.size() > 1 && !args.hasArgument(OPT_ALL)) {
        System.err.println("More than one reader with a card found.");
        System.err.println("Run with --" + OPT_ALL + " to work with all found cards");
        System.exit(1);
      } else if (do_readers.size() == 0 && !args.has(CMD_LIST)) {
        // But if there is a single reader, wait for a card insertion
        List<CardTerminal> empty = terminals.list(State.CARD_ABSENT);
        if (empty.size() == 1 && args.has(OPT_WAIT)) {
          CardTerminal rdr = empty.get(0);
          System.out.println("Please enter a card into " + rdr.getName());
          // 30 s timeout; on timeout do_readers stays empty and the loop below does nothing.
          if (!empty.get(0).waitForCardPresent(30000)) {
            System.out.println("Timeout.");
          } else {
            do_readers = Arrays.asList(rdr);
          }
        } else {
          System.err.println("No reader with a card found!");
          System.exit(1);
        }
      }
    }
  } catch (CardException e) {
    // Unlike the factory failure above this does not exit; do_readers keeps whatever was
    // assigned before the exception.
    System.out.println("Could not list readers: " + TerminalManager.getExceptionMessage(e));
    e.printStackTrace();
  }
  for (CardTerminal t : do_readers) {
    work(t, args);
  }
}
/**
 * Signs the PDF at {@code read} with the key-store {@code entry}, optionally embedding an OCSP
 * response and a TSA timestamp, writes the result to {@code write} and deletes the input.
 *
 * @param read path of the input PDF; passed to {@code deleteFile} after a successful signature
 * @param write path of the signed output PDF
 * @return {@code write}
 * @throws Exception if the encoded signature does not fit the reserved space, or on any
 *     iText / crypto failure
 */
public String hashSignExternalTimestamp(String read, String write) throws Exception {
  Provider prov = entry.getProvider();
  PrivateKey key = entry.getPrivateKey();
  Certificate[] chain = entry.getCertificateChain();
  PdfReader reader = new PdfReader(read);
  int pageCount = reader.getNumberOfPages();
  File outputFile = new File(write);
  PdfStamper stp = PdfStamper.createSignature(reader, null, '\0', outputFile, true);
  PdfSignatureAppearance sap = stp.getSignatureAppearance();
  sap.setProvider(prov.getName());
  sap.setReason(getReason());
  sap.setLocation(getLocation());
  sap.setContact(getContact());
  sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
  int[] coord = LoadImageAction.getImageXY();
  if (!LoadImageAction.posMatriz) {
    // Positioned by sample coordinates
    coord[0] = LoadImageAction.getAssX();
    coord[1] = LoadImageAction.getAssY();
  }
  // Add the image to the PDF if it is to be used
  if (!isSignatureVisible()) {
    sap.setLayer2Text("");
  } else {
    if (LoadImageAction.getFlagPDF()) {
      sap.setAcro6Layers(true);
      Image img = LoadImageAction.getAssImagePDF();
      // -1 means "last page"; otherwise the configured page number.
      if (LoadImageAction.getPagToSign() == -1)
        sap.setVisibleSignature(
            new Rectangle(
                coord[0], coord[1], coord[0] + img.getWidth(), coord[1] + img.getHeight()),
            pageCount,
            null);
      else
        sap.setVisibleSignature(
            new Rectangle(
                coord[0], coord[1], coord[0] + img.getWidth(), coord[1] + img.getHeight()),
            LoadImageAction.getPagToSign(),
            null);
      sap.setLayer2Text("\n\n(Doc. assinado digitalmente)");
      sap.setImage(img);
    } else {
      // No image: fixed 150x40 box with the certificate text.
      if (LoadImageAction.getPagToSign() == -1)
        sap.setVisibleSignature(
            new Rectangle(coord[0], coord[1], coord[0] + 150, coord[1] + 40), pageCount, null);
      else
        sap.setVisibleSignature(
            new Rectangle(coord[0], coord[1], coord[0] + 150, coord[1] + 40),
            LoadImageAction.getPagToSign(),
            null);
      sap.setLayer2Text(getSignatureText((X509Certificate) chain[0], sap.getSignDate()));
    }
  }
  PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached")); // $NON-NLS-1$
  dic.setReason(sap.getReason());
  dic.setLocation(sap.getLocation());
  dic.setContact(sap.getContact());
  dic.setDate(new PdfDate(sap.getSignDate()));
  sap.setCryptoDictionary(dic);
  // Space reserved in the PDF for the hex-encoded signature: 2 hex chars per byte plus the
  // enclosing angle brackets.
  int contentEstimated = 15000;
  HashMap<Object, Object> exc = new HashMap<Object, Object>();
  exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
  sap.preClose(exc);
  // NOTE(review): SHA-1 is hard-coded as the signature digest here and for the range hash
  // below; confirm the verifier/CA policy still accepts it, SHA-256 is the usual choice now.
  PdfPKCS7 sgn = new PdfPKCS7(key, chain, null, "SHA1", prov.getName(), false);
  // NOTE(review): the range stream is never closed.
  InputStream data = sap.getRangeStream();
  MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); // $NON-NLS-1$
  byte buf[] = new byte[8192];
  int n;
  while ((n = data.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
  }
  byte hash[] = messageDigest.digest();
  Calendar cal = Calendar.getInstance();
  byte[] ocsp = null;
  // OCSP needs the issuer certificate, hence the chain-length check.
  if (isUseOCSP() && chain.length >= 2) {
    String url = PdfPKCS7.getOCSPURL((X509Certificate) chain[0]);
    if (url != null && url.length() > 0)
      ocsp =
          new OcspClientBouncyCastle((X509Certificate) chain[0], (X509Certificate) chain[1], url)
              .getEncoded();
  }
  byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
  sgn.update(sh, 0, sh.length);
  TSAClient tsc = null;
  if (isUseTSA() && tsaLocation != null) tsc = new TSAClientBouncyCastle(tsaLocation);
  // the certificates' PIN/password is requested here
  byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, tsc, ocsp);
  // NOTE(review): off-by-two — this admits lengths up to contentEstimated + 2, but paddedSig
  // below holds only contentEstimated bytes, so those lengths fail in System.arraycopy with
  // ArrayIndexOutOfBoundsException instead of this message. `contentEstimated <
  // encodedSig.length` is the tight bound.
  if (contentEstimated + 2 < encodedSig.length) throw new Exception("Not enough space"); // $NON-NLS-1$
  byte[] paddedSig = new byte[contentEstimated];
  System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
  PdfDictionary dic2 = new PdfDictionary();
  dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
  sap.close(dic2);
  // The unsigned input is removed only after the signed file has been closed.
  deleteFile(read);
  return write;
}
/**
 * Initialises a PKCS#11 key store.
 *
 * @param pssCallBack Callback used to obtain the store password; may be null.
 * @param params Additional parameters for configuring the store.
 * @return List holding the configured store (despite the original wording, a single-element list).
 * @throws AOKeyStoreManagerException If an error occurs during initialisation.
 * @throws IOException If an incorrect password is supplied when opening the store, or
 *     {@code params} does not carry the library.
 * @throws es.gob.afirma.keystores.main.common.MissingSunPKCS11Exception If the SunPKCS11
 *     library cannot be found
 */
private List<KeyStore> initPKCS11(final PasswordCallback pssCallBack, final Object[] params)
    throws AOKeyStoreManagerException, IOException {
  // "params" must carry:
  // [0] -p11lib: PKCS#11 library; must be on the Path (Windows) or on LD_LIBRARY_PATH
  //     (UNIX, Linux, Mac OS X)
  // [1] -desc: description of the PKCS#11 token (optional)
  // [2] -slot: card reader number (operating system) [OPTIONAL]
  // Add Sun's PKCS11 provider
  if (params == null || params.length < 2) {
    throw new IOException(
        "No se puede acceder al KeyStore PKCS#11 si no se especifica la biblioteca"); //$NON-NLS-1$
  }
  final String p11lib;
  if (params[0] != null) {
    p11lib = params[0].toString();
  } else {
    throw new IllegalArgumentException(
        "No se puede acceder al KeyStore PKCS#11 si se especifica una biblioteca nula"); //$NON-NLS-1$
  }
  // Reader number
  Integer slot = null;
  if (params.length >= 3 && params[2] instanceof Integer) {
    slot = (Integer) params[2];
  }
  // Derive a provider name from the library file name so the same module is not registered
  // as a provider more than once. (The original comment said a previously loaded PKCS#11
  // would be instantiated again; the code below actually reuses the registered instance.)
  final String p11ProviderName = new File(p11lib).getName().replace('.', '_').replace(' ', '_');
  Provider p11Provider = Security.getProvider("SunPKCS11-" + p11ProviderName); // $NON-NLS-1$
  if (p11Provider == null) {
    // SunPKCS11 is reached reflectively so the class only needs to exist at run time.
    Constructor<?> sunPKCS11Contructor;
    try {
      sunPKCS11Contructor =
          Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class); // $NON-NLS-1$
    } catch (final Exception e) {
      throw new MissingSunPKCS11Exception(e);
    }
    // NOTE(review): the config text is built from the library path and encoded with the
    // platform default charset; confirm createPKCS11ConfigFile quotes the path and that the
    // charset matches what SunPKCS11 expects.
    final byte[] config =
        KeyStoreUtilities.createPKCS11ConfigFile(p11lib, p11ProviderName, slot).getBytes();
    try {
      p11Provider = (Provider) sunPKCS11Contructor.newInstance(new ByteArrayInputStream(config));
    } catch (final Exception e) {
      // The DNIe PKCS#11 sometimes fails on the first attempt but works on the second,
      // so retry once more
      try {
        p11Provider =
            (Provider) sunPKCS11Contructor.newInstance(new ByteArrayInputStream(config));
      } catch (final Exception ex) {
        throw new AOKeyStoreManagerException(
            "No se ha podido instanciar el proveedor SunPKCS11 para la la biblioteca " + p11lib, ex); //$NON-NLS-1$
      }
    }
    Security.addProvider(p11Provider);
  } else {
    LOGGER.info(
        "El proveedor SunPKCS11 solicitado ya estaba instanciado, se reutilizara esa instancia: "
            + p11Provider.getName()); // $NON-NLS-1$
  }
  try {
    this.ks = KeyStore.getInstance(this.ksType.getProviderName(), p11Provider);
  } catch (final Exception e) {
    // Unregister the provider we (or an earlier call) installed before failing.
    Security.removeProvider(p11Provider.getName());
    p11Provider = null;
    throw new AOKeyStoreManagerException(
        "No se ha podido obtener el almacen PKCS#11", e); // $NON-NLS-1$
  }
  try {
    this.ks.load(null, pssCallBack != null ? pssCallBack.getPassword() : null);
  } catch (final IOException e) {
    // A wrapped UnrecoverableKeyException / BadPaddingException is how a wrong PIN surfaces
    // from the PKCS#11 store. NOTE(review): unlike the other catch blocks the provider is
    // left registered on this path — presumably so the next attempt reuses it; confirm.
    if (e.getCause() instanceof UnrecoverableKeyException
        || e.getCause() instanceof BadPaddingException) {
      throw new IOException("Contrasena invalida: " + e, e); // $NON-NLS-1$
    }
    throw new AOKeyStoreManagerException(
        "No se ha podido obtener el almacen PKCS#11 solicitado", e); // $NON-NLS-1$
  } catch (final CertificateException e) {
    Security.removeProvider(p11Provider.getName());
    p11Provider = null;
    throw new AOKeyStoreManagerException(
        "No se han podido cargar los certificados del almacen PKCS#11 solicitado", e); //$NON-NLS-1$
  } catch (final NoSuchAlgorithmException e) {
    Security.removeProvider(p11Provider.getName());
    p11Provider = null;
    throw new AOKeyStoreManagerException(
        "No se ha podido verificar la integridad del almacen PKCS#11 solicitado", e); //$NON-NLS-1$
  }
  final List<KeyStore> ret = new ArrayList<KeyStore>(1);
  ret.add(this.ks);
  return ret;
}
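/**
 * Loads the CNIPA root-CA list after checking the CMS envelope that carries it.
 *
 * <p>The CMS signer's certificate must carry the fingerprint the user approved
 * ({@code userApprovedFingerprint}) and its signature must verify against the CNIPA CA read
 * from {@code CNIPACACertFilePath}; only then is the CA file at {@code CAFilePath} loaded.
 * Failures along the way are reported through {@code log(task, ...)} and yield null.
 *
 * @param task task used for progress/error logging
 * @return the loaded authorities, or null if the CMS could not be read or did not verify
 * @throws GeneralSecurityException propagated from loading the authorities
 * @throws IOException propagated from opening the CA file
 */
public CertificationAuthorities getRoots(AbstractTask task)
    throws GeneralSecurityException, IOException {
  CertificationAuthorities roots = null;
  boolean rootsOk = false;
  // Captured from the verification result but not surfaced to the caller yet.
  String error = null;
  try {
    CertificationAuthorities CNIPARoot = new CertificationAuthorities();
    try {
      CNIPARoot.addCertificateAuthority(CNIPARoot.getBytesFromPath(this.CNIPACACertFilePath));
    } catch (GeneralSecurityException e) {
      log(task, "Errore nell'inizializzazione della CA CNIPA: " + e);
    }
    CMSSignedData CNIPA_CMS = null;
    try {
      CNIPA_CMS = getCNIPA_CMS();
    } catch (FileNotFoundException ex) {
      log(task, "Errore nell'acquisizione del file: " + ex);
    }
    Provider p = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    if (Security.getProvider(p.getName()) == null) {
      Security.addProvider(p);
    }
    // A missing CMS used to fall through to a NullPointerException here; treat it as a
    // failed verification instead (rootsOk stays false and the final log line fires).
    CertStore certs = null;
    if (CNIPA_CMS != null) {
      try {
        certs = CNIPA_CMS.getCertificatesAndCRLs("Collection", "BC");
      } catch (CMSException ex2) {
        log(task, "Errore nel CMS delle RootCA");
      } catch (NoSuchProviderException ex2) {
        log(task, "Non esiste il provider del servizio");
      } catch (NoSuchAlgorithmException ex2) {
        log(task, "Errore nell'algoritmo");
      }
    }
    if (certs != null) {
      Collection<?> signers = CNIPA_CMS.getSignerInfos().getSigners();
      System.out.println(signers.size() + " signers found.");
      // Loop over all signers. The verdict of the last approved signer is the one that
      // survives. NOTE(review): confirm that is intended when a CMS has several signers.
      for (Object o : signers) {
        SignerInformation signer = (SignerInformation) o;
        Collection<? extends Certificate> certCollection = null;
        try {
          certCollection = certs.getCertificates(signer.getSID());
        } catch (CertStoreException ex1) {
          log(task, "Errore nel CertStore");
        }
        // A CertStoreException left certCollection null and the original dereferenced it.
        if (certCollection == null || certCollection.size() != 1) {
          log(task, "There is not exactly one certificate for this signer!");
          continue;
        }
        X509Certificate signerCert = (X509Certificate) certCollection.iterator().next();
        byte[] signerFingerprint = getCertFingerprint(signerCert);
        System.out.println("Signer fingerprint: " + formatAsGUString(signerFingerprint, 2));
        // The fingerprint pins the signer to the certificate the user explicitly approved.
        if (!Arrays.equals(signerFingerprint, this.userApprovedFingerprint)) {
          log(task, "Signer certs has wrong fingerprint!");
          continue;
        }
        VerifyResult vr = new VerifyResult(signerCert, CNIPA_CMS, CNIPARoot, signer, false);
        rootsOk = vr.getPassed();
        error = vr.getCRLerror();
      }
    }
  } catch (IOException e) {
    e.printStackTrace();
  } catch (CMSException e) {
    e.printStackTrace();
  }
  if (rootsOk) {
    roots = new CertificationAuthorities(getCmsInputStream(this.CAFilePath), true);
  } else {
    log(task, "Verifica del file CNIPA delle root CA fallita!");
  }
  return roots;
}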
/**
 * Stamps an "initials" (rubrica) signature widget onto the pages of {@code reader}, then
 * signs the resulting document with the key-store {@code entry} and writes it to
 * {@code fileWrite}.
 *
 * <p>All failures are caught and printed; the caller gets no indication of success.
 *
 * @param reader the source PDF (reassigned internally to the re-read, annotated copy)
 * @param pageCount number of pages to stamp; reduced by one when the initials image differs
 *     from the signature image
 * @param fileWrite path of the signed output PDF
 */
public void insertImageRubrica(PdfReader reader, int pageCount, String fileWrite) {
  // Default widget anchor: 10pt inside the top-right corner of an A4 page (595x841 pt).
  int iniY = 841 - 10;
  int iniX = 595 - 10;
  try {
    // Work out which image to use for the initials
    Image img = null;
    if (LoadImageAction.rubimgSameass) img = LoadImageAction.getAssImagePDF();
    else img = LoadImageAction.getRubImagePDF();
    // Create the template for the initials
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    PdfStamper stp1 = new PdfStamper(reader, out, '\3', true);
    PdfFormField sig = PdfFormField.createSignature(stp1.getWriter());
    if (LoadImageAction.posRubSame) {
      int[] coord = LoadImageAction.getImageXY();
      if (!LoadImageAction.posMatriz) {
        // Positioned by sample coordinates
        coord[0] = LoadImageAction.getAssX();
        coord[1] = LoadImageAction.getAssY();
      }
      sig.setWidget(
          new Rectangle(
              coord[0], coord[1], coord[0] + img.getWidth(), coord[1] + img.getHeight()),
          null);
    } else {
      sig.setWidget(
          new Rectangle(iniX - img.getWidth(), iniY - img.getHeight(), iniX, iniY), null);
    }
    sig.setFlags(PdfAnnotation.FLAGS_PRINT);
    sig.put(PdfName.DA, new PdfString("/Helv 0 Tf 0 g"));
    sig.setFieldName("Assinaturas");
    sig.setPage(1);
    // If the initials image is not the same as the signature's, do not put it on the last page
    if (!LoadImageAction.rubimgSameass) pageCount = pageCount - 1;
    // Insert the template on every page
    for (int i = 1; i <= pageCount; i++) stp1.addAnnotation(sig, i);
    stp1.close();
    // Save/re-read the PDF with the templates inserted
    reader = new PdfReader(out.toByteArray());
    File outputFile = new File(fileWrite);
    // Fill the template with data
    PdfStamper stp = PdfStamper.createSignature(reader, null, '\0', outputFile, true);
    PdfSignatureAppearance sap = stp.getSignatureAppearance();
    sap.setAcro6Layers(true);
    reader.close();
    sap.setVisibleSignature("Assinaturas");
    sap.setLayer2Text("\n\n(Doc. assinado digitalmente)");
    sap.setImage(img);
    PdfSignature dic =
        new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached")); // $NON-NLS-1$
    dic.setReason(sap.getReason());
    dic.setLocation(sap.getLocation());
    dic.setContact(sap.getContact());
    dic.setDate(new PdfDate(sap.getSignDate()));
    sap.setCryptoDictionary(dic);
    // Space reserved for the hex-encoded signature: 2 hex chars per byte plus the brackets.
    int contentEstimated = 15000;
    HashMap<Object, Object> exc = new HashMap<Object, Object>();
    exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
    sap.preClose(exc);
    Provider prov = entry.getProvider();
    PrivateKey key = entry.getPrivateKey();
    Certificate[] chain = entry.getCertificateChain();
    // NOTE(review): SHA-1 is hard-coded as the signature digest here and for the range hash
    // below; confirm the verifier/CA policy still accepts it, SHA-256 is the usual choice now.
    PdfPKCS7 sgn = new PdfPKCS7(key, chain, null, "SHA1", prov.getName(), false); // $NON-NLS-1$
    // NOTE(review): the range stream is never closed.
    InputStream data = sap.getRangeStream();
    MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); // $NON-NLS-1$
    byte buf[] = new byte[8192];
    int n;
    while ((n = data.read(buf)) > 0) {
      messageDigest.update(buf, 0, n);
    }
    byte hash[] = messageDigest.digest();
    Calendar cal = Calendar.getInstance();
    byte[] ocsp = null;
    // OCSP needs the issuer certificate, hence the chain-length check.
    if (isUseOCSP() && chain.length >= 2) {
      String url = PdfPKCS7.getOCSPURL((X509Certificate) chain[0]);
      if (url != null && url.length() > 0)
        ocsp =
            new OcspClientBouncyCastle(
                    (X509Certificate) chain[0], (X509Certificate) chain[1], url)
                .getEncoded();
    }
    byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
    sgn.update(sh, 0, sh.length);
    TSAClient tsc = null;
    if (isUseTSA() && tsaLocation != null) tsc = new TSAClientBouncyCastle(tsaLocation);
    byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, tsc, ocsp);
    // NOTE(review): off-by-two — lengths contentEstimated+1..+2 pass this check but overflow
    // paddedSig in System.arraycopy below; `contentEstimated < encodedSig.length` is the tight
    // bound. Either way the exception is swallowed by the catch at the end of this method.
    if (contentEstimated + 2 < encodedSig.length) throw new Exception("Not enough space"); // $NON-NLS-1$
    byte[] paddedSig = new byte[contentEstimated];
    PdfDictionary dic2 = new PdfDictionary();
    System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
    dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
    sap.close(dic2);
  } catch (Exception e) {
    // NOTE(review): every failure, including a failed or oversized signature, ends here and
    // is only printed; callers cannot tell that fileWrite was not produced or not signed.
    e.printStackTrace();
  }
}
/**
 * Restores the global JCA provider list after a test by unregistering the test provider
 * (registered elsewhere in this fixture; its setUp is not shown here), after the superclass
 * teardown has run.
 *
 * @throws Exception propagated from the superclass teardown
 */
@Override
protected void tearDown() throws Exception {
    super.tearDown();
    final String providerName = support_TestProvider.getName();
    Security.removeProvider(providerName);
}
/**
 * Smoke test for the SunMSCAPI provider: registers it, prints its metadata, then prints which
 * class implements each service it is asked for (PRNG, key stores, signatures, key pair
 * generator and, when available, RSA ciphers). Output format is one line per service.
 *
 * @param args ignored
 * @throws Exception if any service other than the ciphers cannot be obtained from the provider;
 *     cipher lookup failures are reported on stdout and skipped
 */
public static void main(String[] args) throws Exception {
    // Dynamically register the SunMSCAPI provider
    Security.addProvider(new sun.security.mscapi.SunMSCAPI());
    final Provider mscapi = Security.getProvider("SunMSCAPI");
    System.out.println("SunMSCAPI provider classname is " + mscapi.getClass().getName());
    System.out.println("SunMSCAPI provider name is " + mscapi.getName());
    System.out.println("SunMSCAPI provider version # is " + mscapi.getVersion());
    System.out.println("SunMSCAPI provider info is " + mscapi.getInfo());

    // Secure Random
    printImplementor("Windows-PRNG", SecureRandom.getInstance("Windows-PRNG", mscapi));

    // Key Store
    printImplementor("Windows-MY", KeyStore.getInstance("Windows-MY", mscapi));
    printImplementor("Windows-ROOT", KeyStore.getInstance("Windows-ROOT", mscapi));

    // Signature (MD2/MD5 variants are enumerated only to report what the provider offers)
    printImplementor("SHA1withRSA", Signature.getInstance("SHA1withRSA", mscapi));
    printImplementor("MD5withRSA", Signature.getInstance("MD5withRSA", mscapi));
    printImplementor("MD2withRSA", Signature.getInstance("MD2withRSA", mscapi));

    // Key Pair Generator
    printImplementor("RSA", KeyPairGenerator.getInstance("RSA", mscapi));

    // Cipher — optional: older provider builds may not offer it
    try {
        printImplementor("RSA", Cipher.getInstance("RSA", mscapi));
        printImplementor("RSA/ECB/PKCS1Padding", Cipher.getInstance("RSA/ECB/PKCS1Padding", mscapi));
    } catch (GeneralSecurityException e) {
        System.out.println("Cipher not supported by provider, skipping...");
    }
}

/**
 * Prints the class that implements {@code service}, in the one-line format used throughout.
 *
 * @param service the service/algorithm name as requested from the provider
 * @param impl the service object returned by the provider
 */
private static void printImplementor(String service, Object impl) {
    System.out.println(" " + service + " is implemented by: " + impl.getClass().getName());
}
/**
 * Extracts the signer certificate of the CNIPA root-CA CMS bundle, shows its serial number and
 * fingerprint in a confirmation dialog, and returns the fingerprint only if the user accepts.
 *
 * <p>This is a manual trust decision: the user is expected to compare the displayed serial and
 * fingerprint against a reference obtained out of band before accepting. When the values could
 * not be computed the dialog still appears with placeholder text, and the result is {@code null}
 * whichever button is pressed.
 *
 * <p>Every failure along the way is only printed to stdout. If {@code getCNIPA_CMS()} throws,
 * {@code CNIPA_CMS} stays {@code null} and the {@code getCertificatesAndCRLs} call below fails
 * with an uncaught {@code NullPointerException}.
 *
 * @return the signer certificate fingerprint as produced by {@code getCertFingerprint} if the
 *     user confirmed, otherwise {@code null}
 */
private byte[] getFingerprint() {
    byte[] fingerprint = null;
    byte[] serial = null;
    CertStore certs = null;
    CMSSignedData CNIPA_CMS = null;
    try {
        CNIPA_CMS = getCNIPA_CMS();
    } catch (FileNotFoundException ex) {
        System.out.println("Errore nella lettura del file delle RootCA: " + ex);
    } catch (CMSException e) {
        System.out.println("Errore nel CMS delle RootCA: " + e);
    }
    // Register Bouncy Castle globally if it is not already installed; the "BC" name is used below.
    Provider p = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    if (Security.getProvider(p.getName()) == null) Security.addProvider(p);
    try {
        // NOTE(review): dereferences CNIPA_CMS, which is null when the bundle could not be read.
        certs = CNIPA_CMS.getCertificatesAndCRLs("Collection", "BC");
    } catch (CMSException ex2) {
        System.out.println("Errore nel CMS delle RootCA");
    } catch (NoSuchProviderException ex2) {
        System.out.println("Non esiste il provider del servizio");
    } catch (NoSuchAlgorithmException ex2) {
        System.out.println("Errore nell'algoritmo");
    }
    if (certs == null) System.out.println("No certs for CNIPA signature!");
    else {
        // Exactly one signer, with exactly one matching certificate, is required; anything else
        // leaves fingerprint/serial null. (Raw Collection/Iterator types are kept as in the original.)
        SignerInformationStore signers = CNIPA_CMS.getSignerInfos();
        Collection c = signers.getSigners();
        if (c.size() != 1) {
            System.out.println("There is not exactly one signer!");
        } else {
            Iterator it = c.iterator();
            if (it.hasNext()) {
                SignerInformation signer = (SignerInformation) it.next();
                Collection certCollection = null;
                try {
                    certCollection = certs.getCertificates(signer.getSID());
                    if (certCollection.size() == 1) {
                        X509Certificate cnipaSignerCert = (X509Certificate) certCollection.toArray()[0];
                        fingerprint = getCertFingerprint(cnipaSignerCert);
                        serial = cnipaSignerCert.getSerialNumber().toByteArray();
                    } else System.out.println("There is not exactly one certificate for this signer!");
                } catch (CertStoreException ex1) {
                    System.out.println("Errore nel CertStore");
                }
            }
        }
    }
    // Ask the user to accept the displayed serial/fingerprint. NOTE(review): the dialog labels the
    // value "SHA1"; what getCertFingerprint actually computes is not visible here — confirm the
    // label matches.
    if (JOptionPane.YES_OPTION
            == JOptionPane.showConfirmDialog(
                    null,
                    conf.getAcceptCAmsg()
                            + "Seriale: "
                            + ((serial == null) ? "impossibile calcolare il numero seriale" : formatAsGUString(serial, 1))
                            + "\n"
                            + "Impronta SHA1: "
                            + ((fingerprint == null) ? "impossibile calcolare l'impronta" : formatAsGUString(fingerprint, 2))
                            + "\n",
                    "Impronta Certificato Presidente CNIPA",
                    JOptionPane.YES_NO_OPTION))
        return fingerprint;
    return null;
}
/**
 * Generates a fresh 2048-bit RSA key pair for a certificate, using the Bouncy Castle provider
 * and the shared {@code secureRandom} source.
 *
 * @return the generated RSA key pair
 * @throws NoSuchProviderException if the Bouncy Castle provider is not registered
 * @throws NoSuchAlgorithmException if the provider does not offer RSA key pair generation
 */
private KeyPair newKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
    final String providerName = bouncyCastleProvider.getName();
    final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", providerName);
    rsaGenerator.initialize(2048, secureRandom);
    return rsaGenerator.generateKeyPair();
}
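/**
 * Replacement for JCA/JCE's {@link javax.crypto.Cipher#getInstance}. The original method only
 * accepts JCE providers from signed jars, which prevents us from bundling our cryptography
 * provider Bouncy Castle with the application. This method looks the transformation up directly
 * in the {@code Provider} property table and instantiates the {@link javax.crypto.CipherSpi} by
 * reflection, so the JCE jar-signature check is bypassed: the integrity of the provider classes
 * then rests entirely on the integrity of the classpath they are loaded from.
 *
 * <p>Lookup order mirrors the JCE: the most specific property ({@code ALG/MODE/PADDING}) first,
 * then {@code ALG/MODE} (padding configured afterwards), then {@code ALG//PADDING} (mode
 * configured afterwards), and finally the bare {@code ALG} (both configured afterwards).
 *
 * @param transformation the transformation to find an implementation for, e.g.
 *     {@code "AES/CBC/PKCS7Padding"} or a bare algorithm name; matched case-insensitively
 * @return a {@link javax.crypto.Cipher} wrapping the provider's SPI
 * @throws RuntimeException if the transformation does not parse, the provider does not
 *     implement it, or the SPI class cannot be loaded or instantiated (the cause is attached)
 */
public static Cipher getCipher(final String transformation) {
    try {
        /* Upper-case with a fixed locale: under a Turkish default locale "padding" would become
         * "PADDİNG" and never match the provider's property names. */
        final String normalized = transformation.toUpperCase(java.util.Locale.ROOT);

        /* Split the transformation into algorithm, mode and padding */
        final Matcher transformationMatcher = s_transformation_pattern.matcher(normalized);
        if (!transformationMatcher.matches()) {
            throw new RuntimeException("Transformation " + transformation + " is invalid");
        }
        final String algorithm = transformationMatcher.group(1);
        final String mode = transformationMatcher.group(3);
        final String padding = transformationMatcher.group(4);
        final boolean isBareAlgorithm = (mode == null) && (padding == null);

        /* Search the provider for implementations, most specific first; each property is resolved
         * once and the resolved class name is reused for loading. Less specific matches are then
         * configured for the requested mode and/or padding. */
        final CipherSpi cipherSpi;
        String spiClassName;
        if (!isBareAlgorithm
                && (spiClassName = resolveProperty(Provider, "Cipher", algorithm + "/" + mode + "/" + padding)) != null) {
            cipherSpi = newCipherSpi(spiClassName);
        } else if (!isBareAlgorithm
                && (spiClassName = resolveProperty(Provider, "Cipher", algorithm + "/" + mode)) != null) {
            cipherSpi = newCipherSpi(spiClassName);
            cipherSpiSetPadding(cipherSpi, padding);
        } else if (!isBareAlgorithm
                && (spiClassName = resolveProperty(Provider, "Cipher", algorithm + "//" + padding)) != null) {
            cipherSpi = newCipherSpi(spiClassName);
            cipherSpiSetMode(cipherSpi, mode);
        } else if ((spiClassName = resolveProperty(Provider, "Cipher", algorithm)) != null) {
            cipherSpi = newCipherSpi(spiClassName);
            if (!isBareAlgorithm) {
                cipherSpiSetMode(cipherSpi, mode);
                cipherSpiSetPadding(cipherSpi, padding);
            }
        } else {
            throw new RuntimeException(
                    "Provider " + Provider.getName() + " (" + Provider.getClass() + ") does not implement " + transformation);
        }

        /* Create a {@link javax.crypto.Cipher} instance from the {@link javax.crypto.CipherSpi} the provider gave us */
        s_logger.info("Using SPI " + cipherSpi.getClass() + " for " + transformation);
        return getCipher(cipherSpi, normalized);
    } catch (final RuntimeException e) {
        throw e;
    } catch (final Error e) {
        throw e;
    } catch (final Throwable e) {
        /* Reflection and SPI configuration failures are reported with their cause attached. */
        throw new RuntimeException(
                "Provider " + Provider.getName() + " (" + Provider.getClass() + ") failed to instanciate " + transformation, e);
    }
}

/**
 * Loads {@code className} and instantiates it through its no-argument constructor.
 *
 * @param className fully qualified name of a {@link javax.crypto.CipherSpi} subclass, as read
 *     from the provider's property table
 * @return a new SPI instance
 * @throws ReflectiveOperationException if the class cannot be loaded or constructed
 * @throws ClassCastException if the named class is not a {@link javax.crypto.CipherSpi}
 */
private static CipherSpi newCipherSpi(final String className) throws ReflectiveOperationException {
    /* asSubclass performs the runtime check that the former unchecked cast deferred. */
    final Class<? extends CipherSpi> spiClass = Class.forName(className).asSubclass(CipherSpi.class);
    return spiClass.getDeclaredConstructor().newInstance();
}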